CN109450948A - Data transmission method and device - Google Patents
Data transmission method and device Download PDFInfo
- Publication number
- CN109450948A CN109450948A CN201811614050.3A CN201811614050A CN109450948A CN 109450948 A CN109450948 A CN 109450948A CN 201811614050 A CN201811614050 A CN 201811614050A CN 109450948 A CN109450948 A CN 109450948A
- Authority
- CN
- China
- Prior art keywords
- network
- data
- message
- application program
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Abstract
The present invention provides a kind of data transmission method and devices, this method comprises: receiving the first message of the first application program in first network;First message includes first request of data or first response data of first application program to the second application program in the second network;From the first connection pool in first network, the first communication connection between first network and the first unidirectional gateway is obtained;Using the first communication connection, first message is sent to the second network via the first unidirectional gateway;Establish the second communication connection between first network and the second unidirectional gateway;Using the second communication connection, the second message from the second unidirectional gateway is received;Second message is sent to the second unidirectional gateway by the second application program in the second network;Second message is sent to the first application program.Application program of the invention is not necessarily to and two unidirectional gateway communications, development difficulty, the data degree of coupling of application program is reduced, to be conducive to the extension and maintenance of application program.
Description
Technical field
The present invention relates to technical field of data transmission, more particularly to a kind of data transmission method and device.
Background technique
Currently, mainly connect by application program with unidirectional gateway when exchanging the data between Intranet and outer net, from
And the transmission of the data exchange between intranet and extranet is carried out by means of unidirectional gateway.
So when exploitation is directly facing application program (i.e. the software) of unidirectional gateway communication, need to open in the application
Send out its connection between unidirectional gateway, data are sent and data receiver etc. cumbersome code logic.Also, in exploitation
In application program, data transfer layer and service code layer are coupled.
Therefore, when application program being connect and carried out data transmission with unidirectional gateway direct communication, often there is applications
Program development difficulty is big, the data degree of coupling is high, is unfavorable for the problem of extension of application program.
Summary of the invention
The present invention provides a kind of data transmission method and devices, to solve to develop towards unidirectional gateway in the related technology
Application program is come when carrying out the data exchange between intranet application and outer net application program, existing application development
Difficulty is big, the data degree of coupling is high, is unfavorable for the problem of extension of application program.
To solve the above-mentioned problems, according to an aspect of the present invention, the invention discloses a kind of data transmission method, packets
It includes:
Receive the first message of the first application program in first network;
Wherein, the first message includes first application program to first of the second application program in the second network
Request of data or the first response data;
Wherein, it is physically isolated between the first network and second network;
From the first connection pool in first network, first obtained between the first network and the first unidirectional gateway is led to
Letter connection;
Using first communication connection, the first message is sent to the second net via the described first unidirectional gateway
Network;
Wherein, the described first unidirectional gateway is used for from the first network to second transmitted data on network;
Establish the second communication connection between the first network and the second unidirectional gateway;
Wherein, the described second unidirectional gateway is used to transmit data from second network to the first network;
Using second communication connection, the second message from the described second unidirectional gateway is received;
Wherein, the second message is sent to described second unidirectionally by second application program in second network
Gateway;The second message includes second request of data or second sound of second application program to first application program
Answer data;
Judge that the second message includes second request of data or second response data;
If the second message includes second request of data, second request of data is sent to described first
Application program;
If the second message includes the second response data, second response data is sent to first application
Program.
Optionally, described using first communication connection, the first message is sent out via the described first unidirectional gateway
It send to before the second network, the method also includes:
Coded treatment is made to the first message;
It is described to be communicated to connect using described first, the first message is sent to second via the described first unidirectional gateway
Network, comprising:
Using first communication connection, the first message after coding is sent to via the described first unidirectional gateway
Second network.
Optionally, the judgement second message include second request of data or second response data it
Before, the method also includes:
Decoding process is made to the second message;
The judgement second message includes second request of data or second response data, comprising:
Judge that the decoded second message includes second request of data or second response data.
Optionally, the judgement second message include second request of data or second response data it
Before, the method also includes:
Obtain the default identification information of second application program carried in the second message;
Judgement is stored in advance into the application identification information of first application program, if includes the default mark letter
Breath;
If it is not, then filtering the second message;
The judgement second message includes second request of data or second response data, comprising:
It include the default identification information, then if being stored in advance into the application identification information of first application program
Judge that the second message includes second request of data or second response data.
Optionally, second communication connection established between the first network and the second unidirectional gateway, comprising:
Establish the second communication connection between the first listening port in the first network and the second unidirectional gateway.
According to another aspect of the present invention, the invention also discloses a kind of data transmission devices, comprising:
First receiving module, for receiving the first message of the first application program in first network;
Wherein, the first message includes first application program to first of the second application program in the second network
Request of data or the first response data;
Wherein, it is physically isolated between the first network and second network;
First obtains module, for from the first connection pool in first network, obtaining the first network and the first list
To the first communication connection between gateway;
First sending module, it is for being communicated to connect using described first, the first message is unidirectional via described first
Gateway is sent to the second network;
Wherein, the described first unidirectional gateway is used for from the first network to second transmitted data on network;
Module is established, the second communication connection for establishing between the first network and the second unidirectional gateway;
Wherein, the described second unidirectional gateway is used to transmit data from second network to the first network;
Second receiving module, for receiving second from the described second unidirectional gateway using second communication connection
Message;
Wherein, the second message is sent to described second unidirectionally by second application program in second network
Gateway;The second message includes second request of data or second sound of second application program to first application program
Answer data;
First judgment module, for judging that the second message includes second request of data or second response
Data;
Second sending module, if including second request of data for the second message, by second data
Request is sent to first application program;
Third sending module, if including the second response data for the second message, by second response data
It is sent to first application program.
Optionally, described device further include:
Coding module, for making coded treatment to the first message;
First sending module is also used to pass through the first message after coding using first communication connection
Second network is sent to by the described first unidirectional gateway.
Optionally, described device further include:
Decoder module, for making decoding process to the second message;
The first judgment module, be also used to judge the decoded second message include second request of data also
It is second response data.
Optionally, described device further include:
Second obtains module, and the default mark for obtaining second application program carried in the second message is believed
Breath;
Second judgment module is stored in advance for judging into the application identification information of first application program, if
Include the default identification information;
Filtering module, if being stored in advance for second judgment module judgement to the application mark of first application program
Know in information, does not include the default identification information, then filter the second message;
The first judgment module is stored in advance to described first if being also used to the second judgment module judgement using journey
In the application identification information of sequence, includes the default identification information, then judge that the second message includes that second data are asked
Seek still second response data.
Optionally, described to establish module, the first listening port for being also used to establish in the first network and second is unidirectionally
The second communication connection between gateway.
Compared with prior art, the present invention includes the following advantages:
The present invention obtains first network and the first list by receiving the first message of the first application program in first network
To the first communication connection between gateway, without the connection established between the first application program and the first unidirectional gateway, and utilize
First communication connection, is sent to the second network via the first unidirectional gateway for first message;In addition, the embodiment of the present invention may be used also
With the second communication connection established between first network and the second unidirectional gateway, to be received using the second communication connection from the
Second application program of two networks and via the second message of the second unidirectional gateway, and send it in first network first
Application program.In the data exchange process of the second application program of the first application program and the second network of first network, answer
It is not necessarily to program and two unidirectional gateways communicates, it is only necessary to sent message and receive message, significantly reduce opening for application program
Degree of raising difficult questions;Also, application program need to only carry out data transmission, without carrying out the processing of service logic, and the embodiment of the present invention
Middleware realizes the processing of service logic, so that data transfer layer and service code layer be decoupled, reduces the data degree of coupling,
To be conducive to the extension and maintenance of application program.
Detailed description of the invention
Fig. 1 is a kind of schematic diagram of data transmission system embodiment of the invention;
Fig. 2 is a kind of step flow chart of data transmission method embodiment of the invention;
Fig. 3 is a kind of structural block diagram of data transmission device embodiment of the invention.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real
Applying mode, the present invention is described in further detail.
Referring to Fig.1, a kind of schematic diagram of data transmission system embodiment of the invention is shown.
The data transmission system includes application program 1 and middleware 1 in first network, in answering for the second network
With program 2 and middleware 2.
Wherein, it is physically isolated between the first network and second network, when first network is outer net, the second net
Network is Intranet;When first network is Intranet, the second network is outer net.It is real in the present embodiment and transmission method shown in Fig. 2
It applies in example, first network is outer net, and the second network is Intranet.
It wherein, include the first unidirectional gateway (gateway 1 as shown in Figure 1) between the first network and second network
With the second unidirectional gateway (gateway 2 as shown in Figure 1), the first unidirectional gateway is used for from the first network to described second
Transmitted data on network, the second unidirectional gateway are used to transmit data from second network to the first network.
Wherein, Intranet is internal security network, and outer net is public network.
And gateway 1 and gateway 2 are then two physical equipments, gateway 1 and gateway 2 are deployed between Intranet and outer net, interior
Net and outer net carry out data interaction by using two unidirectional gateways.
In order to avoid develop be directly facing unidirectional gateway application program (for example, application program 1 directly with gateway 1 and net
Lock 2 communicates, to achieve the purpose that inside and outside network data transmission;For another example application program 2 is directly communicated to connect with gateway 1 and gateway 2, is come
Achieve the purpose that inside and outside network data transmission) caused by application development difficulty it is big, the data degree of coupling is high, is unfavorable for using journey
The problem of extension of sequence, develops middleware in outer net and Intranet in embodiments of the present invention, as shown in Figure 1, here will place
Middleware in outer net is named as middleware 1, and the middleware in Intranet is named as middleware 2.
The middleware (middleware) of the embodiment of the present invention is a kind of independent system software or service routine, using journey
Middleware can be used to be communicated with unidirectional gateway, since middleware can shield gateway, so that application program is opened in sequence
Originator can not have to the presence for being concerned about unidirectional gateway, only need to be towards middle unit development application program, to reduce application program
Development difficulty.
Middleware is located on the operating system of client/server, is responsible for sending and receiving application program and unidirectional network
Data packet between lock.It is the software for connecting two independent unidirectional gateways, the request data that application program can be sent
Packet is sent to the other end, has handled in the other end and then response data packet is sent to request end.
When developing the application program towards middleware, it is only necessary to develop to middleware and send data, receive from centre
The response data of part;Alternatively, request data is received from middleware, then to middleware returning response data.Without exploitation
Communication connection between application program and unidirectional gateway, so, the embodiment of the present invention by application program and unidirectional gateway it
Between communication in develop middleware, so as to reduce the exploitation requirement of application program, simplify development process, improve using journey
The reusability of sequence, facilitates test and maintenance;And the data transfer layer of application program and business layer identification code can be made to be separated,
The appearance for reducing error situation in exploitation, enhances scalability.
It shows a kind of data transmission method of the invention referring to Fig. 2 based on data transmission system shown in FIG. 1 and implements
The step flow chart of example.Fig. 2 shows the embodiment of the present invention exploitation middleware realized data transmission method the step of stream
Cheng Tu.
Due to the middleware being whether deployed in outer net or Intranet, may be implemented the number of local terminal application program
It is sent to the other end according to request or response data, and the response data or request of data that receive the transmission of other end application program are simultaneously
It is transmitted to the function of local terminal application program.So in order to avoid repeating to repeat, in the embodiment shown in Figure 2, with middleware 1
Part workflow illustrates the data transmission stream that the request of data of local terminal application program or response data are sent to the other end
Journey, with the part workflow of middleware 2 come illustrate receive other end application program send response data or request of data simultaneously
It is transmitted to the function of local terminal application program.
This method can specifically include following steps:
Step 100, the listening port 1 of outer net connection pool and middleware 1 is initialized;
Step 200, the listening port 2 of Intranet connection pool and middleware 2 is initialized;
Wherein, Intranet and outer net are each equipped with respective connection pool.
Connection pool is the buffer pool of one connection of creation and management, and connection pool includes multiple connections, these connections are ready to
By they any required thread come using.
Wherein, above-mentioned steps 100 can be executed by middleware 1, and step 200 can be executed by middleware 2, at other
In embodiment, above-mentioned two step can also be executed by other devices in outer net, Intranet respectively, and the present invention does not limit this
System.
As shown in Figure 1, the connection pool of outer net includes connection A, connection A can be established the middleware 1 of outer net and gateway 1
Socket (socket) communication connection, middleware 1 by called from outer net connection pool connection A so as to gateway 1 into
Row communication, middleware 1 mainly sends the message (request of data or number of responses sent by application program 1 by connection A here
According to) to gateway 1;
So the connection pool of outer net is initialized here, i.e., each connection in connection pool is initialized.
The listening port 1 of the middleware 1 of outer net is responsible for and gateway 2 establishes Socket communication connection B, and monitors the hair of gateway 2
The data sent, then middleware 1 then can receive the message (request of data and sound of the application program 2 from Intranet by connecting B
Answer data).
So listening port 1 is initialized here, consequently facilitating subsequent establish connection B.
Similar, the connection pool of Intranet includes connection C, and connection C can establish the middleware 2 of Intranet and gateway 2
Socket communication connection, middleware 2 by calling connection C so as to be communicated with gateway 2 from Intranet connection pool, this
In middleware 2 message (request of data or response data that are sent by application program 2) is mainly sent to gateway 2 by connection C;
So the connection pool of Intranet is initialized here, i.e., each connection in connection pool is initialized.
The listening port 2 of the middleware 2 of Intranet is responsible for and gateway 1 establishes Socket connection communication D, and monitors the hair of gateway 1
The data sent, then middleware 2 then can receive the message (request of data and sound of the application program 2 from Intranet by connecting D
Answer data)
So listening port 2 is initialized here, consequently facilitating subsequent establish connection D.
In addition, the embodiment of the present invention in advance configures middleware 1, middleware 2, gateway 1 and gateway 2, thus just
Aforementioned four connection is established in subsequent.
For example, the embodiment of the present invention has been pre-configured with the port 3 of gateway 1 to middleware 1, then middleware 1 is from outer net
The connection A obtained in connection pool is to the connection for communicating the port 3 of middleware 1 and gateway 1.
And the destination address of middleware 2 has been pre-configured on gateway 1, i.e. listening port 2, so that gateway 1 can be with centre
Part 2 establishes connection D.
So middleware 1 is in the request/response to Intranet for receiving application program 1, just in transmitting uplink data
Request/response can be sent to the port 3 of gateway 1 by connection A, the port 3 of gateway 1 receives request/response, then passes through
D is connected, request/response is sent to the listening port 2 of middleware 2;
Similar, the port 4 of gateway 2 is pre-configured with to middleware 1, then middleware 2 is in the connection pool from Intranet
The connection C of acquisition is to the connection for communicating the port 4 of middleware 2 and gateway 2.
And the destination address of middleware 1 has been pre-configured on gateway 2, i.e. listening port 1, so that gateway 2 can be with centre
Part 1 establishes connection B.
So middleware 2 is in the request/response to outer net for receiving application program 2, just in downlink data transmission
Request/response can be sent to the port 4 of gateway 2 by connection C, the port 4 of gateway 2 receives request/response, then passes through
B is connected, request/response is sent to the listening port 1 of middleware 1.
Above-mentioned steps 100 and step 200 are the prerequisite steps that the system of the embodiment of the present invention is carried out after actuation, because
This, belongs to optional step in the transmission method of the embodiment of the present invention.
Step 101, the first message of the application program 1 in outer net is received;
Wherein, the first message includes first request of data or first of the application program 1 to the application program 2 in Intranet
Response data;
Wherein, here using first network as outer net, the second network is the explanation that Intranet carries out process, it should be noted that
It is that, when first network is Intranet, and the second network is outer net, transmission method described in the embodiment of the present invention equally may be implemented,
Method flow is similar, therefore does not do and repeat one by one.
Wherein, when the application program 1 in outer net, which wants request, obtains data from the application program 2 in Intranet, then the
One message is the first request of data, when the application program 2 in Intranet makees the second request of data to application program 1, then here
First response data is the response data for the second request of data.
In specific implementation, application program 1 due to be towards middleware 1 develop, sent a message in its needs
When Intranet, application program 1 can call the method that can send message of middleware 1.For example, when it needs to carry out data
When request, then the methods of get () or post () can be called to send the first request of data, when it needs to send response data,
The methods of sent () can be then called to send the first response data.In this way, middleware 1, which can receive, carrys out self-application journey
The first message of sequence 1.
Step 102, from the outer net connection pool in outer net, the connection A between the outer net and gateway 1 is obtained;
Wherein, the first communication connection here is the above-mentioned connection A obtained from outer net connection pool.
Optionally, step 103, coded treatment is made to the first message;
Wherein, the mode of coded treatment can include but is not limited to compression, Packet reassembling etc..
Wherein, the present invention for step 102 and step 103 execution sequence with no restrictions.
Step 104, using the connection A, the first message after coding is sent to Intranet via the gateway 1;
Wherein, gateway 1 has been pre-configured with the destination address of middleware 2, is here listening port 2, then middleware 1 utilizes
After first message is sent to gateway 1 by connection A, first message can be then sent to the listening port 2 of middleware 2 by gateway 1,
To achieve the purpose that first message mode to Intranet.
Step 201, the connection D between the Intranet and gateway 1 is established;
Wherein, middleware 2 can establish the connection D between the listening port 2 in the Intranet and gateway 1.
Step 202, using the connection D, the first message from the gateway 2 is received;
Wherein, middleware 2 can use the connection D to receive the first message that middleware 1 is sent via gateway 1.
Specifically, first message is sent to the listening port 2 of middleware 2 by gateway 1, middleware 2 is obtained from listening port 2
Get first message.
Optionally, step 203, decoding process is made to the first message;
Wherein, the mode of decoding process is corresponding with the mode of above-mentioned coded treatment, can include but is not limited to decompression,
Weed out identity property relevant to website transmission and test serial number etc..
Optionally, step 204, the default mark letter of the application program 1 carried in the decoded first message is obtained
Breath;
Wherein, which can be the IP address of application program 1.
Optionally, step 205, judgement is stored in advance into the application identification information of first application program, if packet
Containing the default identification information;
Wherein, in order to ensure the safety of data in Intranet, be not illegally stolen, the method for the embodiment of the present invention just for
The application program that application program 2 into Intranet registered provides data access, wherein registered application program is in middleware
2 sides can save the application identification information (such as IP address) of registered applications program, so, this step may determine that into
Whether the application program 1 of row request of data is the authoring program registered to application program 2.
If it is not, then step 206, filters the first message;
Illustrating that the application program 1 did not register, the first message of request does not need to respond, directly filters,
Any response processing is not done.
If so, step 207, judges that the decoded first message includes first request of data or described first
Response data;
That is, in the case where determining application program 1 is the authoring program registered in advance to application program 2, then
It may determine that the decoded first message is request of data or response data, be the first request of data or the first sound
Answer data.
Step 208, if the first message includes first request of data, first request of data is sent to
Application program 2;
Wherein, if first message is the first request of data, illustrate that the application program 1 of outer net wants access to application program
The first request of data that certification passes through then can be sent to monitor, be asked first data by monitor by the data in 2
It asks and is sent to application program 2.
It wherein, may include monitor in middleware 2, the message of monitor request type for receiving data, therefore,
It can receive the first request of data, and be transmitted to application program 2.
Step 209, if the first message includes the first response data, first response data is sent to application
Program 2.
Wherein, if first message is response data, illustrate that first message transmitted by the application program 1 of outer net is pair
The response of second request of data of application program 2, here it is possible to which the first response data is sent to application program 2.
It, can be by way of obstruction or monitoring specifically, when the first response data is sent to application program 2
Mode obtains the first response data, and forwards it to application program 2.
Wherein, when the response data is important, i.e., when priority is lower, the first response data can be hindered
Plug, when program 2 to be applied is not at busy condition, then receives first response data;When the response data is important, i.e.,
It, then can be by the way of monitoring, as long as listening to response data, such as the first number of responses here when priority is higher
According to being forwarded to application program 2.
Middleware 1 is described in detail how by the first data of the application program 1 of outer net in 101~step 104 of above-mentioned steps
Request or the first response data, are sent to Intranet via gateway 1;Middleware 2 is described in detail how in step 201~step 209
By above-mentioned first request of data or the first response data from outer net, the application program 2 of Intranet is sent to via gateway 1.
And middleware 2 sends the second response data or the second request of data of the application program 2 of Intranet via gateway 2
It is substantially similar with step 101~step 104 performed by above-mentioned middleware 1 to the process of outer net, therefore, do not do herein in detail
Carefully repeat;
Similarly, middleware 1 sends above-mentioned second response data or the second request of data from Intranet via gateway 2
It is substantially similar with step 201~step 209 performed by above-mentioned middleware 2 to the process of the application program 1 of outer net, therefore,
It is not described in detail herein.
That is, 101~the step 104 of above-mentioned steps executed by middleware 1, can also it is similar by middleware 2
It executes, correspondingly, the 201~step 209 of above-mentioned steps executed by middleware 2, similar can also be executed by middleware 1.
Because middleware 1 and middleware 2 are the same a products of exploitation, only it is deployed in heterogeneous networks, their function
Identical, middleware 1 and middleware 2 are provided with from local terminal to the other end and send data, and receive from the other end to local terminal
The function of the data of transmission.
So due to 101~step 104 of above-mentioned steps and step 201~step 209 be described in detail data from
Transmission mode from outer net to Intranet detailed process, therefore, transmission mode of the present invention no longer to data from Intranet to outer net
Detailed process repeats, and mutually refers to.
Wherein, to the response results of the first request of data, i.e., outside the second response data here can be application program 2
When net is to Intranet request data, after step 209, application program 2 responds the first request of data, pass through call it is intermediate
The method (such as sent () method exemplified above) that can send message of part 2, is sent to centre for the second response data
Part 2.
Similar, above-mentioned first response data can be application program 1 to the response results of the second request of data, i.e., including
When net is to outer net request data, application program 1 responds the second request of data, passes through and calls capable of sending for middleware 1
The method (such as sent () method exemplified above) of message, is sent to middleware 1 for the first response data, thus in
Between part 1 execute above-mentioned steps 101.
By means of the technical solution of the above embodiment of the present invention, the present invention is by receiving the first application program in first network
First message, and the first communication connection between first network and the first unidirectional gateway is obtained, without establishing first using journey
Connection between sequence and the first unidirectional gateway, and using first communication connection, first message is sent out via the first unidirectional gateway
It send to the second network;In addition, second communicating of can also establishing between first network and the second unidirectional gateway of the embodiment of the present invention
Connection, to receive the second application program from the second network using the second communication connection and via the of the second unidirectional gateway
Two message, and send it to the first application program in first network.In the first application program and the second net of first network
In the data exchange process of second application program of network, application program is not necessarily to and two unidirectional gateway communications, it is only necessary to which transmission disappears
Breath and reception message, significantly reduce the development difficulty of application program;Also, application program need to only carry out data transmission, and be not necessarily to
The processing of service logic is carried out, and the middleware of the embodiment of the present invention realizes the processing of service logic, so that data be transmitted
Layer and the decoupling of service code layer, reduce the data degree of coupling, to be conducive to the extension and maintenance of application program.
In addition, the data packet that the data transmission method of the embodiment of the present invention is transmitted can support various protocols, such as
The data packet of http protocol, data packet of Transmission Control Protocol etc., when the data packet to various agreements carries out data transmission, method
All be it is similar, executed according to transmission flow described in above-mentioned Fig. 2 embodiment.So by configuring its branch on middleware
The protocol type held promotes number in Intranet or outer net to can also control the data type of the transmission between internal, external network
According to safety.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method
It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to
According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should
Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented
Necessary to example.
It is corresponding with method provided by the embodiments of the present invention, referring to Fig. 3, show a kind of data transmission of the present invention
The structural block diagram of Installation practice, can specifically include following module:
First receiving module 31, for receiving the first message of the first application program in first network;
Wherein, the first message includes first application program to first of the second application program in the second network
Request of data or the first response data;
Wherein, it is physically isolated between the first network and second network;
First obtains module 32, for obtaining the first network and first from the first connection pool in first network
The first communication connection between unidirectional gateway;
First sending module 33, it is for being communicated to connect using described first, the first message is single via described first
The second network is sent to gateway;
Wherein, the described first unidirectional gateway is used for from the first network to second transmitted data on network;
Module 34 is established, the second communication connection for establishing between the first network and the second unidirectional gateway;
Wherein, the described second unidirectional gateway is used to transmit data from second network to the first network;
Second receiving module 35, for receiving the from the described second unidirectional gateway using second communication connection
Two message;
Wherein, the second message is sent to described second unidirectionally by second application program in second network
Gateway;The second message includes second request of data or second sound of second application program to first application program
Answer data;
First judgment module 36, for judging that the second message includes second request of data or second sound
Answer data;
Second sending module 37, if including second request of data for the second message, by second number
First application program is sent to according to request;
Third sending module 38, if including the second response data for the second message, by second number of responses
According to being sent to first application program.
Optionally, described device further include:
Coding module, for making coded treatment to the first message;
First sending module 33 is also used to using first communication connection, by the first message after coding
The second network is sent to via the described first unidirectional gateway.
Optionally, described device further include:
Decoder module, for making decoding process to the second message;
The first judgment module 36 is also used to judge that the decoded second message includes second request of data
Or second response data.
Optionally, described device further include:
Second obtains module, and the default mark for obtaining second application program carried in the second message is believed
Breath;
Second judgment module is stored in advance for judging into the application identification information of first application program, if
Include the default identification information;
Filtering module, if being stored in advance for second judgment module judgement to the application mark of first application program
Know in information, does not include the default identification information, then filter the second message;
The first judgment module 36 is stored in advance if being also used to the second judgment module judgement to first application
In the application identification information of program, includes the default identification information, then judge that the second message includes second data
Request or second response data.
Optionally, described to establish module 34, the first listening port for being also used to establish in the first network and the second list
To the second communication connection between gateway.
Optionally, first receiving module 31 is also used to receive from first application program to described second
First response data of request of data.
Optionally, when the first network is Intranet, second network is outer net;When the first network is outer net
When, second network is Intranet.
For device embodiment, since it is basically similar to the method embodiment, related so being described relatively simple
Place illustrates referring to the part of embodiment of the method.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with
The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate
Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can
With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code
The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program
The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions
In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these
Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals
Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices
Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram
The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices
In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet
The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram
The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that
Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus
The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart
And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases
This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as
Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap
Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article
Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited
Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
A kind of data transmission method provided by the present invention, a kind of data transmission device and a kind of data are transmitted above
System is described in detail, and used herein a specific example illustrates the principle and implementation of the invention, with
The explanation of upper embodiment is merely used to help understand method and its core concept of the invention;Meanwhile for the general of this field
Technical staff, according to the thought of the present invention, there will be changes in the specific implementation manner and application range, in conclusion
The contents of this specification are not to be construed as limiting the invention.
Claims (10)
1. a kind of data transmission method, which is characterized in that the described method includes:
Receive the first message of the first application program in first network;
Wherein, the first message includes first data of first application program to the second application program in the second network
Request or the first response data;
Wherein, it is physically isolated between the first network and second network;
From the first connection pool in first network, the first communication link between the first network and the first unidirectional gateway is obtained
It connects;
Using first communication connection, the first message is sent to the second network via the described first unidirectional gateway;
Wherein, the described first unidirectional gateway is used for from the first network to second transmitted data on network;
Establish the second communication connection between the first network and the second unidirectional gateway;
Wherein, the described second unidirectional gateway is used to transmit data from second network to the first network;
Using second communication connection, the second message from the described second unidirectional gateway is received;
Wherein, the second message is sent to second unidirectional network by second application program in second network
Lock;The second message includes that second application program responds the second request of data of first application program or second
Data;
Judge that the second message includes second request of data or second response data;
If the second message includes second request of data, second request of data is sent to first application
Program;
If the second message includes the second response data, second response data is sent to described first using journey
Sequence.
2. the method according to claim 1, wherein
It is described to be communicated to connect using described first, the first message is sent to the second network via the described first unidirectional gateway
Before, the method also includes:
Coded treatment is made to the first message;
It is described to be communicated to connect using described first, the first message is sent to the second net via the described first unidirectional gateway
Network, comprising:
Using first communication connection, the first message after coding is sent to second via the described first unidirectional gateway
Network.
3. the method according to claim 1, wherein the judgement second message includes second data
Before request or second response data, the method also includes:
Decoding process is made to the second message;
The judgement second message includes second request of data or second response data, comprising:
Judge that the decoded second message includes second request of data or second response data.
4. the method according to claim 1, wherein the judgement second message includes second data
Before request or second response data, the method also includes:
Obtain the default identification information of second application program carried in the second message;
Judgement is stored in advance into the application identification information of first application program, if includes the default identification information;
If it is not, then filtering the second message;
The judgement second message includes second request of data or second response data, comprising:
If being stored in advance into the application identification information of first application program, includes the default identification information, then judge
The second message includes second request of data or second response data.
5. the method according to claim 1, wherein it is described establish the first network and the second unidirectional gateway it
Between second communication connection, comprising:
Establish the second communication connection between the first listening port in the first network and the second unidirectional gateway.
6. a kind of data transmission device characterized by comprising
First receiving module, for receiving the first message of the first application program in first network;
Wherein, the first message includes first data of first application program to the second application program in the second network
Request or the first response data;
Wherein, it is physically isolated between the first network and second network;
First obtains module, for obtaining the first network and the first unidirectional network from the first connection pool in first network
The first communication connection between lock;
First sending module, for being communicated to connect using described first, by the first message via the described first unidirectional gateway
It is sent to the second network;
Wherein, the described first unidirectional gateway is used for from the first network to second transmitted data on network;
Module is established, the second communication connection for establishing between the first network and the second unidirectional gateway;
Wherein, the described second unidirectional gateway is used to transmit data from second network to the first network;
Second receiving module, for receiving the second message from the described second unidirectional gateway using second communication connection;
Wherein, the second message is sent to second unidirectional network by second application program in second network
Lock;The second message includes that second application program responds the second request of data of first application program or second
Data;
First judgment module, for judging that the second message includes second request of data or second number of responses
According to;
Second sending module, if including second request of data for the second message, by second request of data
It is sent to first application program;
Third sending module sends second response data if including the second response data for the second message
To first application program.
7. device according to claim 6, which is characterized in that described device further include:
Coding module, for making coded treatment to the first message;
First sending module is also used to using first communication connection, by the first message after coding via institute
It states the first unidirectional gateway and is sent to the second network.
8. device according to claim 6, which is characterized in that described device further include:
Decoder module, for making decoding process to the second message;
The first judgment module is also used to judge that the decoded second message includes second request of data or institute
State the second response data.
9. device according to claim 6, which is characterized in that described device further include:
Second obtains module, for obtaining the default identification information of second application program carried in the second message;
Second judgment module is stored in advance for judging into the application identification information of first application program, if include
The default identification information;
Filtering module, if being stored in advance for second judgment module judgement to the application identities letter of first application program
In breath, does not include the default identification information, then filter the second message;
The first judgment module is stored in advance if being also used to the second judgment module judgement to first application program
In application identification information, include the default identification information, then judge the second message include second request of data also
It is second response data.
10. device according to claim 6, which is characterized in that
It is described to establish module, it is also used to establish between the first listening port in the first network and the second unidirectional gateway
Two communication connections.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811614050.3A CN109450948B (en) | 2018-12-27 | 2018-12-27 | Data transmission method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811614050.3A CN109450948B (en) | 2018-12-27 | 2018-12-27 | Data transmission method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109450948A true CN109450948A (en) | 2019-03-08 |
| CN109450948B CN109450948B (en) | 2020-01-03 |
Family
ID=65539706
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811614050.3A Active CN109450948B (en) | 2018-12-27 | 2018-12-27 | Data transmission method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109450948B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110351379A (en) * | 2019-07-17 | 2019-10-18 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110365778A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110365779A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN111131299A (en) * | 2019-12-31 | 2020-05-08 | 上海依图网络科技有限公司 | Trans-gatekeeper data transmission method, device, medium and system based on kubernets platform |
| CN112217848A (en) * | 2019-07-11 | 2021-01-12 | 千寻位置网络有限公司 | Emergency positioning method and system thereof |
| CN113507480A (en) * | 2021-07-23 | 2021-10-15 | 北京众享比特科技有限公司 | Network equipment, network gate equipment and system, and data transmission and reporting method between networks |
| CN114124929A (en) * | 2021-09-29 | 2022-03-01 | 奇安信科技集团股份有限公司 | Cross-network data processing method and device |
| CN115632818A (en) * | 2022-09-23 | 2023-01-20 | 山东首瀚信息科技有限公司 | Method for safely isolating one-way reliable transmission between video private network and internal private network |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101697536A (en) * | 2009-10-16 | 2010-04-21 | 深圳市科陆电子科技股份有限公司 | Method for transmitting mass data in real time by penetrating positive physical isolation device |
| CN103491072A (en) * | 2013-09-06 | 2014-01-01 | 北京信息控制研究所 | Boundary access control method based on double one-way separation gatekeepers |
| CN107454186A (en) * | 2017-08-24 | 2017-12-08 | 国网浙江省电力公司衢州供电公司 | A kind of data safe transmission method based on message queue |
| CN107634984A (en) * | 2017-08-07 | 2018-01-26 | 国网河南省电力公司 | A kind of file synchronisation method based on one-way transmission path |
| CN108234506A (en) * | 2018-01-15 | 2018-06-29 | 马晓东 | A kind of unidirection insulation network brake and data transmission method |
| US20180255102A1 (en) * | 2017-03-03 | 2018-09-06 | Microsoft Technology Licensing, Llc | Incremental security policy development for an enterprise network |
| CN108540499A (en) * | 2018-06-26 | 2018-09-14 | 中国华电集团科学技术研究总院有限公司 | Electric power networks data transmission system with duplex channel and data transmission method |
| CN108810011A (en) * | 2018-06-29 | 2018-11-13 | 南京南瑞继保电气有限公司 | A kind of universal network secure accessing sound zone system and message processing method suitable for power private network |
| CN208257855U (en) * | 2018-06-26 | 2018-12-18 | 中国华电集团科学技术研究总院有限公司 | Electric power networks data transmission system with duplex channel |
-
2018
- 2018-12-27 CN CN201811614050.3A patent/CN109450948B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101697536A (en) * | 2009-10-16 | 2010-04-21 | 深圳市科陆电子科技股份有限公司 | Method for transmitting mass data in real time by penetrating positive physical isolation device |
| CN103491072A (en) * | 2013-09-06 | 2014-01-01 | 北京信息控制研究所 | Boundary access control method based on double one-way separation gatekeepers |
| US20180255102A1 (en) * | 2017-03-03 | 2018-09-06 | Microsoft Technology Licensing, Llc | Incremental security policy development for an enterprise network |
| CN107634984A (en) * | 2017-08-07 | 2018-01-26 | 国网河南省电力公司 | A kind of file synchronisation method based on one-way transmission path |
| CN107454186A (en) * | 2017-08-24 | 2017-12-08 | 国网浙江省电力公司衢州供电公司 | A kind of data safe transmission method based on message queue |
| CN108234506A (en) * | 2018-01-15 | 2018-06-29 | 马晓东 | A kind of unidirection insulation network brake and data transmission method |
| CN108540499A (en) * | 2018-06-26 | 2018-09-14 | 中国华电集团科学技术研究总院有限公司 | Electric power networks data transmission system with duplex channel and data transmission method |
| CN208257855U (en) * | 2018-06-26 | 2018-12-18 | 中国华电集团科学技术研究总院有限公司 | Electric power networks data transmission system with duplex channel |
| CN108810011A (en) * | 2018-06-29 | 2018-11-13 | 南京南瑞继保电气有限公司 | A kind of universal network secure accessing sound zone system and message processing method suitable for power private network |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112217848A (en) * | 2019-07-11 | 2021-01-12 | 千寻位置网络有限公司 | Emergency positioning method and system thereof |
| CN112217848B (en) * | 2019-07-11 | 2022-04-19 | 千寻位置网络有限公司 | Emergency positioning method and system thereof |
| CN110365779B (en) * | 2019-07-17 | 2022-04-01 | 腾讯科技(深圳)有限公司 | Communication control method and device, electronic equipment and storage medium |
| CN110365778A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110365779A (en) * | 2019-07-17 | 2019-10-22 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110351379A (en) * | 2019-07-17 | 2019-10-18 | 腾讯科技(深圳)有限公司 | A kind of method, apparatus of communication control, electronic equipment and storage medium |
| CN110351379B (en) * | 2019-07-17 | 2021-09-03 | 腾讯科技(深圳)有限公司 | Communication control method and device, electronic equipment and storage medium |
| CN111131299A (en) * | 2019-12-31 | 2020-05-08 | 上海依图网络科技有限公司 | Trans-gatekeeper data transmission method, device, medium and system based on kubernets platform |
| CN113507480A (en) * | 2021-07-23 | 2021-10-15 | 北京众享比特科技有限公司 | Network equipment, network gate equipment and system, and data transmission and reporting method between networks |
| CN113507480B (en) * | 2021-07-23 | 2023-10-27 | 北京众享比特科技有限公司 | Network equipment, gateway equipment and system and inter-network data transmission and reporting method |
| CN114124929A (en) * | 2021-09-29 | 2022-03-01 | 奇安信科技集团股份有限公司 | Cross-network data processing method and device |
| CN114124929B (en) * | 2021-09-29 | 2024-03-29 | 奇安信科技集团股份有限公司 | Cross-network data processing method and device |
| CN115632818A (en) * | 2022-09-23 | 2023-01-20 | 山东首瀚信息科技有限公司 | Method for safely isolating one-way reliable transmission between video private network and internal private network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109450948B (en) | 2020-01-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109450948A (en) | Data transmission method and device | |
| CN104967595B (en) | The method and apparatus that equipment is registered in platform of internet of things | |
| US8250214B2 (en) | System, method and computer program product for communicating with a private network | |
| US9294519B2 (en) | File server device | |
| US7882254B2 (en) | Common protocol layer architecture and methods for transmitting data between different network protocols and a common protocol packet | |
| CN105656915B (en) | Immediate communication methods, devices and systems | |
| US10193848B2 (en) | System and related method for management of devices of a network system via social media interfaces | |
| CN102882828A (en) | Information safe transmission control method between inside network and outside network and gateway thereof | |
| CN112291514B (en) | Remote audio and video call method and device and OTT platform system | |
| US20070263598A1 (en) | Method, system, and computer-readable medium for simulating a converged network with a single media gateway and media gateway controller | |
| CN106789952B (en) | Method and system for serving local area network into internet | |
| US11128663B2 (en) | Synchronizing link and event detection mechanisms with a secure session associated with the link | |
| CN107071060A (en) | A kind of SFTP files transmitting method and system | |
| RU2740305C2 (en) | Method of port multiplexing and server in video conferencing system and computer-readable data medium | |
| CN109889521A (en) | Memory, communication channel multiplexing implementation method, device and equipment | |
| CN113301106A (en) | Operation and maintenance processing system, method and device | |
| US20060140373A1 (en) | Method to invoke service among devices in home network | |
| CN111787078B (en) | Signaling control system and communication method based on elevator Internet of things | |
| CN102857574B (en) | Information processing method and apparatus for Internet of Things | |
| CN106331051B (en) | Document transmission method and system and reception file device send file device | |
| US20080267385A1 (en) | Method of Transferring Communication Streams | |
| US10771511B2 (en) | Communication method to maintain an application session between a terminal and an application server | |
| CN107995184B (en) | Connector and communication method using same | |
| CN114301967B (en) | Control method, device and equipment for narrowband Internet of things | |
| US20060047784A1 (en) | Method, apparatus and system for remotely and dynamically configuring network elements in a network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |